WHAT IS CLAIMED IS: 



1. In a data replication system having a primary computer system and a backup 
computer system, a method of lock-step replication of database updates that occurred in 
the primary computer system to the backup computer system, the method comprising: 

within a first application executing on the primary computer system: 

performing and completing a first transaction on the primary computer 

system, the first transaction updating a first file in the primary computer system; 

in the primary computer system, upon completing the first transaction, 

initiating a lockstep transaction that updates a second file in the primary computer system; 

and 

waiting to receive a predefined message prior to performing any further 

operations; 

sending audit records from the primary computer system to the backup computer 
system, the sent audit records including audit records representing the updates to the first 
file by the first transaction and the updates to the second file by the lockstep transaction; 

receiving from the backup computer system confirmation that the audit records 
representing the updates to the first file by the first transaction and the updates to the 
second file by the lockstep transaction have been durably stored by the backup computer 
system, and upon receiving said confirmation, sending the predefined message to the first 
application. 

2. The method of claim 1 wherein the lockstep transaction is initiated by a procedure 
call made immediately upon completion of the first transaction. 

3. The method of claim 1 wherein the first application performs an operation 
dependent upon completion of the first transaction only after receiving the first predefined 
message. 

4. The method of claim 1 further comprising: 

upon occurrence of a pre-determined event that terminates the lockstep transaction, 
initiating a second lockstep transaction that updates the second file in the primary 
computer system; 

after the second lockstep transaction is initiated, sending audit records from the 
primary computer system to the backup computer system, the sent audit records including 
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audit records representing the updates to the second file by the another lockstep 
transaction; 

after the second lockstep transaction is initiated, ignoring said confirmation that the 
audit records representing the updates to the first file by the first transaction and the 
5 updates to the second file by the lockstep transaction have been durably stored by the 
backup computer system; 

after the second lockstep transaction is initiated, receiving a second confirmation 
that the audit records representing the updates to the second file by the second lockstep 
transaction have been durably stored by the backup computer system, and upon receiving 
10 said second confirmation, sending the predefined message to the first application. 

H* 5. In a data replication system having a primary computer system and a backup 

5, computer system, a method of lock-step replication of database updates that occurred in 

Lfi the primary computer system to the backup computer system, the method comprising: 

£^15 initiating a lockstep transaction; 

p generating a lockstep audit record corresponding to the lockstep transaction, the 

lockstep audit record having a first transaction identifier; 
storing the lockstep audit record in an audit trail; 

reading audit records stored in the audit trail in a sequence in which the audit 



n 



W 

W 20 records are stored; 



transmitting the audit records to the backup computer system, wherein the backup 
computer system includes mechanism for safely storing the lockstep audit record and audit 
records preceding the lockstep audit record immediately upon receiving the lockstep audit 
record, the backup computer system further including mechanisms for transmitting a safe 
25 audit trail position of the lockstep audit record to the primary computer system after the 
lockstep audit record is safely stored; 

receiving the safe audit trail position from the backup computer system; 
checking whether the safe audit trail position corresponds to a lockstep transaction 
that is currently active; and 
30 based on results of the checking step, indicating completion of the lockstep 

replication procedure. 

6. The method of claim 5, further comprising: 

storing the first transaction identifier at a first location of a pre-defined data 
35 structure; and 
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during the reading step and upon encountering the first lockstep audit record, 
extracting an audit trail position and a transaction identifier from the first lockstep audit 
record; 

storing the extracted audit trail position at a second location of the pre-defined data 
5 structure; and 

storing the extracted transaction identifier at a third location of the pre-defined data 
structure. 



7. The method of claim 6, wherein the checking step comprises: 
10 comparing the safe audit trail position to the audit trail position stored at the 

second location; and 

comparing the transaction identifier stored at the first location and the transaction 
identifier stored at the third location. 



W 15 8. The method of claim 7, further comprising: 

upon occurrence of an event that disrupts the lockstep replication procedure before 
W\ completion, performing another lockstep transaction, the another lockstep transaction 

aa 

i«j having a new transaction identifier; and 

M' storing the new transaction identifier in the first location of pre-defined data 

P I 20 structure such that the checking step results in a mismatch between the transaction 



identifier stored at the first location and the transaction identifier stored at the third 
location. 



9. The method of claim 5, further comprising: 
25 pausing execution of an application program upon initiation of the lockstep 

replication procedure; and 

resuming execution of the application program upon completion of the lockstep 
replication procedure. 

30 10. The method of claim 5, wherein the transmitting step comprises transmitting at 
least a subset of the audit records to the backup computer system in a message buffer, and 
wherein the backup computer system is configured to return an audit trail position of a last 
saved audit record as the safe audit trail position without ensuring the audit records of the 
message buffer are durably stored unless the lockstep audit record is included in the 

35 message buffer. 



9806-0037-999. Compaq P0-3822US 



-27- 



CAl -294364.1 



11. In a data replication system having a primary computer system and a backup 
computer system, a method of lock-step replication of database updates that occurred in 
the primary computer system to the backup computer system, the method comprising: 

initiating a first lockstep replication procedure and performing a first update on a 
5 pre-determined file in the primary system, the first update being identified by a first unique 
transaction identifier; 

storing the first unique transaction identifier in a pre-defined data structure in the 
primary system as a lockstep gateway transaction identifier (LockStep_Gateway_TID); 
generating audit records that indicate database updates pertaining to database 
10 transactions performed on the primary system, the audit records further including a first 
lockstep audit record that is associated with the first update on the pre-determined file and 
that includes the first unique transaction identifier; 

storing the audit records in an audit trail in the primary system; 
extracting audit records from the audit trail for transmission to the backup 



n 

15 computer system; 

i^^ storing an audit trail position of the first update in the pre-defined data structure 

upon encountering the first lockstep audit record during the extracting step; 

y i 

g storing the first unique transaction identifier in the pre-defined data structure as a 

lockstep audit transaction identifier (LockStep_Audit_TID) upon encountering the first 
fl\ 20 lockstep audit record during the extracting step; 

g transmitting the stream of audit records and a lock-step indicator to the backup 

j|l computer system, wherein the lock-step indicator indicates a lockstep replication 

procedure has initiated, wherein the backup computer system is configured to ensure the 
stream of audit records are durably stored upon receiving the lock-step indicator, and 
25 wherein the backup computer system is configured to transmit to the primary computer 
system a safe position indicating the audit trail position of durably stored audit records 
upon receiving the lock-step indicator; 

comparing the safe position returned by the backup computer system to the audit 
trail position stored in the pre-defined data structure; and 
30 indicating completion of the lockstep replication procedure when the safe position 

is equal to or higher than the audit trail position stored in the pre-defined data structure, 
and when the lockstep gateway transaction identifier (LockStep_Gateway_TID) matches 
the lockstep audit transaction identifier (LockStep_Audit_TID), 

35 12. The method of claim 1 1 , further comprising: 
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pausing execution of an application program upon initiation of the lockstep 
replication procedure; and 

resuming execution of the application program upon completion of the lockstep 
replication procedure. 

5 

13. The method of claim 11, further comprising: 

upon occurrence of an event that disrupts the first lockstep replication procedure 
before completion, performing a second update on the pre-determined file in the primary 
system, the second update being identified by a second unique transaction identifier; 
10 storing the second unique transaction identifier in the pre-defined data structure as 

the lockstep gateway transaction identifier (LockStep_Gateway_TID) in place of the first 
unique transaction identifier. 

14. The method of claim 1 1 , wherein the transmitting step comprises transmitting the 
ffi 15 stream of audit records to the backup computer system one buffer at a time, and wherein 

the backup computer system is configured to return an audit trail position of a last saved 
If j audit record as the safe position without ensuring the audit records of the buffer are 

^. durably stored unless the lockstep indicator is included in the buffer. 

M' 

20 15. In a data replication system having a primary computer system and a backup 

computer system, a method of lock-step replication of database updates that occurred in 
the primary computer system to the backup computer system, the process comprising: 
starting a lockstep replication procedure; 

performing a first update on a pre-determined file in the primary system, the first 
25 update being identified by a first unique transaction identifier; 

storing the first unique transaction identifier in a pre-defined data structure in the 
primary system as a lockstep gateway transaction identifier (Lx)ckStep_Gateway_TID); 

generating audit records that indicate database updates pertaining to database 
transactions performed on the primary system, the audit records further including a first 
30 lockstep audit record that is associated with the first update on the pre-determined file and 
that includes the first unique transaction identifier; 

storing the audit records in an audit trail in the primary system; 
upon an occurrence of an event that disrupts operations of the primary computer 
system, performing the steps of: 
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performing a second update on the pre-detemiined file in the primary 
system, the second update being identified by a second unique transaction identifier, 

replacing the first unique transaction identifier with the second unique 
transaction identifier in the pre-defined data structure, 

generating a second lockstep audit record that is associated with the second 
update on the pre-determined file and that includes the second unique transaction 
identifier, 

storing the second lockstep audit record in the audit trail; 
extracting audit records from the audit trail for transmission to the backup 
computer system; 

concurrently with the extracting step, storing audit trail position of the first lock 
step audit record in the pre-defined data structure upon encountering the first lockstep 
audit record and replacing the stored audit trail position with the audit trail position of the 
second lock step audit record upon encountering the second lockstep audit record; 

concurrently with the extracting step, storing the first unique transaction identifier 
in the pre-defined data structure as a lockstep audit transaction identifier 
(LockStep„Audit_TID) upon encountering the first lockstep audit record and replacing the 
stored lockstep audit transaction identifier with the second unique transaction identifier 
upon encountering the second lockstep audit record; 

transmitting the stream of audit records and a lock-step indicator to the backup 
computer system, wherein the lock-step indicator indicates a lockstep replication 
procedure has initiated, wherein the backup computer system is configured to ensure the 
stream of audit records are durably stored upon receiving the lock-step indicator, and 
wherein the backup computer system is configured to transmit to the primary computer 
system a safe position indicating the audit trail position of durably stored audit records 
upon receiving the lock-step indicator; 

comparing the safe position returned by the backup computer system to the audit 
trail position stored in the pre-defined data structure; and 

indicating completion of the lockstep replication procedure when the safe position 
is equal to or higher than the audit trail position stored in the pre-defined data structure, 
and when the lockstep gateway transaction identifier (LockStep_Gateway_TID) matches 
the lockstep audit transaction identifier (LockStep_Audit_TID). 

16. The method of claim 15, further comprising: 
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pausing execution of an application program upon starting the lockstep replication 
procedure; and 

resuming execution of the application program upon completion of the lockstep 
replication procedure. 

5 

17. The method of claim 15, wherein the transmitting step comprises transmitting the 
stream of audit records to the backup computer system one buffer at a time, and wherein 
the backup computer system is configured to return an audit trail position of a last saved 
audit record as the safe position without ensuring the audit records of the buffer are 
10 durably stored unless the lockstep indicator is included in the buffer. 



18. A database replication system having a primary computer system and a backup 
H' computer system, the primary computer system configured to couple to a database, the 

^! primary computer system having an application program that performs database 

U! 15 transactions on the database, the database replication system comprising: 

a gateway configured to initiate a lockstep replication procedure and perform a first 

update on a pre-determined file in the database upon receiving a lockstep request from the 
g application program, wherein the first update is identified by a first unique transaction 

P identifier; 

P^j 20 a TMF module configured to generate audit records that indicate database updates 

pertaining to database transactions performed on the primary system, wherein the audit 
pj records further include a first lockstep audit record that is associated with the first update 

on the pre-determined file and that includes the first unique transaction identifier, the TMF 
module further configured to store the audit records in an audit trail in the primary system; 
25 an extractor configured to extract audit records from the audit trail for transmission 

to the backup computer system; 

the extractor configured to store the first unique transaction identifier received 
from the gateway process in a pre-defined data structure in the primary system as a 
lockstep gateway transaction identifier (LockStep_Gateway_TID); 
30 the extractor configured to store an audit trail position of the first update in the 

pre-defined data structure upon encountering the first lockstep audit record in the audit 
trail; 

the extractor configured to store the first unique transaction identifier in the 
pre-defined data structure as a lockstep audit transaction identifier (LockStep_Audit_TID) 
35 upon encountering the first lockstep audit record in the audit trail; 
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the extractor configured to transmit the stream of audit records and a lock-step 
indicator to the backup computer system, wherein the lock-step indicator indicates a 
lockstep replication procedure has initiated, wherein the backup computer system is 
configured to ensure the stream of audit records are durably stored upon receiving the 
5 lock-step indicator, and wherein the backup computer system is configured to transmit to 
the extractor a safe position indicating the audit trail position of durably stored audit 
records upon receiving the lock-step indicator; 

the extractor configured to compare the safe position returned by the backup 
computer system to the audit trail position stored in the pre-defined data structure; 
10 the extractor configured to communicate to the gateway a status of the lockstep 

replication procedure when the safe position is equal to or higher than the audit trail 
position stored in the pre-defined data structure, and when the lockstep gateway 
transaction identifier (LockStep_Gateway_TID) matches the lockstep audit transaction 
Q identifier (LockStep_Audit_TlD); and 

'2J. 15 the gateway configured to generate a response to the lockstep request according to 

the status of the lockstep replication procedure. 

tfl 

3 19. The data replication system of claim 18, wherein execution of the application 

^ program pauses upon initialization of the lockstep replication procedure and wherein 

fi,! 20 execution of the application program is configured to resume upon completion of the 
lockstep replication procedure. 



20. The data replication system of claim 18, wherein the gateway is configured to 
perform a second update on the pre-determined file in the primary system upon occurrence 

25 of an event that disrupts the first lockstep replication procedure before completion, the 
second update being identified by a second unique transaction identifier. 

21. The data replication system of claim 20, wherein the gateway is configured to 
replace the second unique transaction identifier in the pre-defined data structure as the 

30 lockstep gateway transaction identifier (LockStep_Gateway_TID) in place of the first 
unique transaction identifier. 

22. The data replication system of claim 18, wherein the extractor transmits the stream 
of audit records to the backup computer system one buffer at a time, and wherein the 

35 backup computer system is configured to return an audit trail position of a last saved audit 



9806-0037-999, Compaq P0-3822US 



-32- 



CAl- 294364.1 



record as the safe position without ensuring the audit records of the buffer are durably 
stored unless the lockstep indicator is included in the buffer. 
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